Support the SameSite field in Cookies
dstufft committed Jun 13, 2016
1 parent 9c1a5af commit b6806ef
Showing 2 changed files with 16 additions and 4 deletions.
9 changes: 7 additions & 2 deletions webob/cookies.py
Expand Up @@ -252,6 +252,7 @@ def __init__(self, name, value):
max_age = cookie_property(b'max-age', serialize_max_age)
httponly = cookie_property(b'httponly', bool)
secure = cookie_property(b'secure', bool)
samesite = cookie_property(b'samesite')

def __setitem__(self, k, v):
k = bytes_(k.lower(), 'ascii')
Expand All @@ -277,6 +278,8 @@ def serialize(self, full=True):
add(b'secure')
if self.httponly:
add(b'HttpOnly')
if self.samesite:
add(b'SameSite=' + self.samesite)
return native_(b'; '.join(result), 'ascii')

__str__ = serialize
Expand Down Expand Up @@ -424,11 +427,11 @@ def _path_quote(v):
}
_c_valkeys = sorted(_c_renames)
_c_keys = set(_c_renames)
_c_keys.update([b'expires', b'secure', b'httponly'])
_c_keys.update([b'expires', b'secure', b'httponly', b'samesite'])


def make_cookie(name, value, max_age=None, path='/', domain=None,
secure=False, httponly=False, comment=None):
secure=False, httponly=False, comment=None, samesite=None):
""" Generate a cookie value. If ``value`` is None, generate a cookie value
with an expiration date in the past"""

Expand Down Expand Up @@ -472,6 +475,8 @@ def make_cookie(name, value, max_age=None, path='/', domain=None,
morsel.expires = expires
if comment is not None:
morsel.comment = bytes_(comment)
if samesite is not None:
morsel.samesite = samesite
return morsel.serialize()

class JSONSerializer(object):
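Review bot: `make_cookie` assigns `morsel.samesite = samesite` with no coercion or check, and `serialize` then emits `b'SameSite=' + self.samesite` verbatim, so nothing in the code enforces the two values the docstring allows. A value containing `;` or a line break would add attributes to, or corrupt, the `Set-Cookie` header if it ever came from configuration or request data, and a native `str` on Python 3 would presumably raise `TypeError` at the concatenation. I would normalise and reject early in `make_cookie`: `samesite = bytes_(samesite, 'ascii')` followed by `if samesite.lower() not in (b'strict', b'lax'): raise ValueError('samesite must be Strict or Lax')`. The same gap applies to direct assignment through `samesite = cookie_property(b'samesite')`, which unlike `max_age` passes no serializer; `make_cookie` and `serialize` both start and end outside the hunks shown.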
11 changes: 9 additions & 2 deletions webob/response.py
Expand Up @@ -702,7 +702,8 @@ def _content_type_params__del(self):

def set_cookie(self, name=None, value='', max_age=None,
path='/', domain=None, secure=False, httponly=False,
comment=None, expires=None, overwrite=False, key=None):
comment=None, expires=None, overwrite=False, key=None,
samesite=None):
"""
Set (add) a cookie for the response.
Expand Down Expand Up @@ -753,6 +754,12 @@ def set_cookie(self, name=None, value='', max_age=None,
in the cookie, if it's ``False``, the ``HttpOnly`` flag will not
be sent in the cookie.
``samesite``
A string representing the ``SameSite`` attribute of the cookie or
``None``. If samesite is ``None`` no ``SameSite`` value will be sent
in the cookie. Should only be ``b"Strict"`` or ``b"Lax"``
``comment``
A string representing the cookie ``Comment`` value, or ``None``.
Expand Down Expand Up @@ -800,7 +807,7 @@ def set_cookie(self, name=None, value='', max_age=None,

cookie = make_cookie(name, value, max_age=max_age, path=path,
domain=domain, secure=secure, httponly=httponly,
comment=comment)
comment=comment, samesite=samesite)

self.headerlist.append(('Set-Cookie', cookie))

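Review bot: The new `samesite` docstring entry calls the value "a string" but then names the bytes literals `b"Strict"` and `b"Lax"`, and "should only be" does not say what happens with anything else. `set_cookie` forwards the argument to `make_cookie` unchanged (`comment=comment, samesite=samesite`), so this docstring is the only contract a caller sees. I would reword the entry along the lines of `Must be the bytes b"Strict" or b"Lax"; the value is written into the Set-Cookie header as given and is not validated.` The signature and docstring of `set_cookie` continue outside the hunks shown.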
